Abstract---The next era of the internet is internet-based computing, also known as cloud computing. It has been the emphasis in recent years, but security concerns are among the most important impediments to the rise of cloud computing. It essentially sends user data and application programs to massive data centers, i.e. a distant cloud, where consumers have little control and data management may be insecure. However, numerous security issues raised by the cloud's unique nature must be addressed and fully acknowledged. Among the most critical concerns that must be tackled are the data security issues created by user data and software residing in the provider's jurisdiction. Cloud users search for cloud resources with secure data management. When sharing their personal data over public clouds, some cloud users may prefer to manage their data with more privacy. This document focuses on improving privacy-related data security in the cloud and on related works that have been done to enhance data security in cloud computing. This review analyzes and discusses several of the security and privacy improvements evaluated in related existing systems.
I. INTRODUCTION

There is no single definition of cloud computing that everyone agrees on [9]. It is described as a dynamic platform that is usually easy to scale, increases transparency, and provides users with virtual resources online. There are three major levels of cloud computing services: Platform, Infrastructure and Software as a Service. Even though every service model contains security measures, security requirements differ based on whether the services are private, public, mixed, or public cloud [17]. The cloud is also a five-part architecture, including customers, applications, platforms, infrastructure and the server.


• A public cloud, which is owned and controlled by a service provider.

• Community cloud, the physical structure that an organization and association have.

• The private cloud, the structure of which is owned and created by a particular organization.

• The hybrid cloud, which alters the previous three models.

• The deployment models of the cloud use their internal architecture (IaaS, PaaS and SaaS).


Figure 1: Model and services of cloud computing
[Figure labels: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS); public cloud, private cloud, hybrid cloud.]


Security service

Security comprises the goals of protection, restoration, and assurance, that is, the protection of information in a computer system from numerous risks. In reality, the security service provided by the security mechanism enforces the security policy, as well as the security of computer networks and information systems. It is offered via services such as integrity, confidentiality, identity verification, non-repudiation, and availability [12].
TABLE I
SECURITY ISSUES IN CLOUD COMPUTING

| Security service | Description |
|---|---|
| Confidentiality | Make certain that no information is given or distributed to unauthorized persons, organizations, or operations. Indeed, data is delivered and received without unwanted parties gaining access to it during transmission. Encrypting data is an effective method of achieving privacy. It is accomplished through the use of a symmetric or asymmetric key model [16]. |
| Integrity | Ascertain that the data received by the authorised individual corresponds to the data supplied. The data has not changed [15]. |
| Availability | Ensure that valid users may access services and that data is produced, available and usable at the request of authorized persons. |
| Authentication | Verify the identities of the sender and recipient of the message. In reality, the integrity and secrecy of information are only significant when the sender's and receiver's identities are fully confirmed [14]. |
| Non-repudiation | Ascertain that the action made will not be rejected by either the sender or the receiver. Denials are classified into two types: rejection of origin and refusal of destination. In the first instance, neither the sender nor the receiver may decline the transfer message, and neither can they refuse to deliver the message [13]. |

Cloud computing environments present many challenges: conflict-free cloud user identity management that provides security for data-dependent applications, protecting the privacy of users who do not want to expose their identities, and maintaining control over the lifecycle of external data. Data outsourcing is just data that is openly shared with different users.

Cloud computing environments offer many benefits to the users, but users do not like to log in to the cloud. Many analyses show that the main problem with cloud computing is the security threat. Security risks can cause conflicts with the original user data. The second most important issue in cloud computing is protecting user privacy [18].

Cloud computing provides flexible and scalable user access without the need for a large number of servers. In this case, privacy is a major issue for users who do not want to disclose their personal information [11].

A. Possible Types of Cloud Security Attacks.

When users enter the cloud to share their personal data, they need to be aware of the security threats that can attack their data. Cloud providers need to provide trust to their users in order to get the highest level of service.

TABLE II
CLOUD ATTACKS IN CLOUD COMPUTING

| Category | Attack | Description |
|---|---|---|
| 1. Authentication Attacks | Brute force Attack | An attacker in this type attempts all possible passwords or authentication codes in order to guess the correct one. |
| 1. Authentication Attacks | Dictionary Attack | The attacker attempts all possible passwords or authentication codes in order to guess the correct one. |
| 1. Authentication Attacks | Replay Attack | The attacker intercepts and eavesdrops on data delivered over a secure connection, then delays or resends it to mislead the receiver into doing what the attacker desires. |
| 1. Authentication Attacks | Phishing Attack | The attacker attempts all possible passwords or authentication codes in order to guess the correct one. |
| 2. Man-in-the-Middle Attack | Wrapping Attack | The attacker begins by duplicating user credentials during the login time via SOAP messages exchanged when connectivity is established between the browser and the server. |
| 2. Man-in-the-Middle Attack | Flooding Attack | The attacker floods the cloud servers with a large number of continuous requests for service. The cloud server evaluates the user's trustworthiness before giving the requested service, and this checking procedure utilises cloud resources. |
| 2. Man-in-the-Middle Attack | Browser Attack | The attack that results in data theft is carried out by disrupting SOAP message encryption and signature during message interpretation between browser and server, causing the browser to consider the attacker to be an authenticated user and proceed to answer the attacker's requests when interacting with the server. |
| 2. Man-in-the-Middle Attack | SSL Attacks | Secure Socket Layer (SSL) is a defense tool used to encrypt the information passed between server and user. 1. Because the Certifying Authority (CA) cannot guarantee the website's legitimacy and cannot be put in the web browser, the attacker can exploit the SSL certificate's restriction by performing an SSL sniffing attack. 2. Stripping Attack: the weakness of SSL is exploited by using "\0" (null character) in a website name; when the client-side SSL reads the domain name of the fake certificate, the null causes it to be treated as a valid certificate, which then gives full access to the attacker. |
| 3. Other Types of Attacks | Malware Injection Attack | The attacker manipulates user service information and uploads it to the cloud, then uses this approach to obtain access to user data, resulting in the leaking of user credential information and the attacker's illegal login to cloud services. |
| 3. Other Types of Attacks | Cross VM Side-Channel Attack | Virtualization is a primary enabling technology in the cloud; the attacker's VM alters the services implementation in the targeted VM, resulting in processor cache that mimics the actions of the legitimate user. The attack chose to gather data containing energy consumption logs rather than targeting the virtualization layer: the attackers use the energy consumption logs to acquire the opportunity to collect vital information about the cloud. The longer the time spent attacking the victim's computer, the greater the likelihood that the attempt will be detected. |
| 3. Other Types of Attacks | Botnet Attack | The attacker uses a group or cluster of infected computers/servers, called stepping stones, to attack. The attacker obtains the stepping stones by infecting them with a botnet attack and sets up what is called Command and Control (C&C); the attacker uses C&C to eavesdrop on the user-cloud communication exchange, steal user/server information or gain illegal access to the cloud services. |
| 3. Other Types of Attacks | Reflection Attack | The attack begins with the attacker sending a fraudulent request to the targeted user, with tampered packets containing the user's information and IP address as the sender address. Each packet then moves across the internet until it arrives at the destined reflector server, where the server is tricked into thinking that the user sent the packets and sends the response to the targeted user, who is overwhelmed by the other reflector servers' responses. |
| 3. Other Types of Attacks | Insider Attack | The attack happens when an employee of a company that operates a cloud server exposes sensitive user information or tampers with cloud server security mechanisms for financial gain or to harm the company's reputation. |
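The null-character weakness listed under SSL Attacks in Table II comes down to comparing a NUL-terminated view of a certificate name instead of the full value. The following is an added example, not code from the paper; the host names and certificate names are constructed and the function names are hypothetical.

```python
import ctypes

# Constructed sample subject names, as raw bytes read from certificates.
SAMPLE_NAMES = [
    b"www.bank.example",
    b"www.bank.example\x00.attacker.example",  # embedded NUL ("\0") in the name
    b"shop.example",
]


def c_string_view(raw: bytes) -> bytes:
    """Return what NUL-terminated string handling sees: the bytes before the first NUL."""
    return ctypes.create_string_buffer(raw).value


def naive_match(cert_name: bytes, host: str) -> bool:
    """Flawed check: compares the host with the truncated C-string view of the name."""
    return c_string_view(cert_name).lower() == host.encode("ascii").lower()


def strict_match(cert_name: bytes, host: str) -> bool:
    """Length-aware check: refuse NUL, control and non-ASCII bytes, then compare in full."""
    if not cert_name or any(b < 0x21 or b > 0x7E for b in cert_name):
        return False
    return cert_name.lower() == host.encode("ascii").lower()


def audit(names, host):
    """Return (names accepted by the strict check, names flagged for an embedded NUL)."""
    accepted = [n for n in names if strict_match(n, host)]
    flagged = [n for n in names if b"\x00" in n]
    return accepted, flagged


if __name__ == "__main__":
    host = "www.bank.example"
    for name in SAMPLE_NAMES:
        print(name, "naive:", naive_match(name, host), "strict:", strict_match(name, host))
    print("flagged:", audit(SAMPLE_NAMES, host)[1])
```

Names returned in the flagged list are worth logging on their own, since a legitimate DNS name never contains a NUL byte.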


B. The issue of cloud privacy.

Protecting the privacy of cloud users is one of the service providers' most important obligations, and the most sensitive user information is saved in the cloud. If their data is published in the cloud, users will not want to share their information with others. Challenges that motivate cloud service providers to ensure privacy include inadequate user control, information breaches, rogue secondary storage, uncontrolled data delivery, and dynamic provisioning.

This overview describes relevant mechanisms and technologies previously used for security and privacy. It also discusses the merits and demerits of each strategy. Based on a review of the above mechanisms, it can be observed that the currently implemented system has more advantages.
I. RELATED WORK

D. W. Chadwick et al. proposed a scalable structure for the confidential exchange of cyber threat information (CTI) among collaborators for analysis [1]. The proposed framework establishes a five-tier trust architecture for cloud-based data transfer infrastructure at the cloud's edge. From plain text to anonymization, and from anonymization to symmetric cipher, data owners can choose the appropriate confidence and method for cleaning CTI data before sending it for analysis. CTI analysis delivers useful cyber threat intelligence to users, informing them of threats to their systems. Although standard security software has its own built-in analytic tools and notifies clients of the preponderance of dangers impacting their systems, due to the quickly changing nature of threats and the enormous and complicated number of CTIs handled, it seldom identifies all active threats when this data is being processed. This architecture is functional because a Data Sharing Agreement (DSA) policy aligns CTI data in a Protected Data Object (DPO), and the DSA is applied on the cloud edge or the cloud, or both, to make clients trust that their sensitive data will not spread to those who are untrustworthy or only half trusted until it is adequately trusted.

To address data integrity and confidentiality challenges, M. Tahir et al. presented CryptoGA, a novel paradigm based on the genetic algorithm (GA) [12]. They used GA to create the encryption and decryption keys, and encryption methods are utilized to protect the security and integrity of the cloud data. Evaluations and comparisons take into account commonly known parameters such as execution time, performance, key size, and avalanche effect. The experiment uses 10 different sets of test and validation data.

To improve cloud computing data security, Thabit et al. offer a lightweight encryption technique that may be used to safeguard cloud-based applications [3]. The algorithm is a 16-byte (128-bit) block cipher that encrypts data with a 16-byte (128-bit) key. It is built on the original architecture arrangement and substitution technologies to boost the encryption's complexity. The algorithm applies Shannon's theory of diffusion and confusion using logical operations (XOR, XNOR, transformation, and substitution). It is also flexible in choosing key length and number of rounds. Compared with the password system which is extensively used in cloud computing, the experimental findings of the suggested method show that the algorithm has higher security, and its performance in terms of password execution time and security has been greatly improved.

According to the National Institute of Standards and Technology (NIST) [19], confidentiality, availability, and integrity are basic requirements for cloud computing.


• Authentication: confirm the identity of the sender and recipient of the message.

• Availability: ensure availability of services to legitimate users and data production whenever needed.

• Authorization: establish that the access points are reserved for clients who have provided certain information.


Figure 1: Basic security for cloud computing
[Figure labels: Security Requirement; Integrity; Availability.]


K. Kumar et al. proposed an algorithm that uses image masking and image segmentation to protect user data. In this case, image segmentation is used to mask data in different parts of the image [4]. The proposed algorithm's performance is assessed using metrics such as PSNR and MSE value, and the results are compared to other existing techniques for pictures of various sizes. Steganography is the method of concealing data in a picture so that the human eye cannot see the data. There are many methods of hiding information, such as image masking, video masking, and audio masking. They devised a steganography and image hashing-based technique that can only conceal secrets in the original cover photo's computation or processing part. Confidential data is stored in a text file, the original message is encrypted with the RSA encryption technique, and the key is acquired. Then the key is copied into chosen pixels of the grayscale image. Lastly, the stego image is saved to the cloud. In the receiving procedure the stego image is used as the input and all the stages are reversed, after which the server recovers the key from the image and uses the key to decrypt the original confidential data.
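The embedding step and the PSNR/MSE evaluation described above can be illustrated as follows. This is an added example, not the authors' algorithm: it assumes least-significant-bit embedding and a seed-driven choice of pixels, and the cover image, key blob and seed are constructed.

```python
import math
import random

# Constructed inputs: a 64x64 grayscale gradient, a 32-byte key blob, a shared seed.
WIDTH = HEIGHT = 64
COVER = [(x * 3 + y * 5) % 256 for y in range(HEIGHT) for x in range(WIDTH)]
KEY_BLOB = bytes(range(32))
SEED = b"constructed shared seed"


def select_pixels(n_pixels, n_bits, seed):
    """Pick distinct pixel indices from the seed (assumed rule; random.Random is not a CSPRNG)."""
    return random.Random(seed).sample(range(n_pixels), n_bits)


def embed(cover, payload, seed):
    """Write the payload bits into the least significant bit of the selected pixels."""
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("payload too large for cover image")
    stego = list(cover)
    for pos, bit in zip(select_pixels(len(cover), len(bits), seed), bits):
        stego[pos] = (stego[pos] & 0xFE) | bit
    return stego


def extract(stego, n_bytes, seed):
    """Reverse of embed: read the LSBs of the same pixels and repack them into bytes."""
    bits = [stego[p] & 1 for p in select_pixels(len(stego), n_bytes * 8, seed)]
    return bytes(
        sum(bit << (7 - i) for i, bit in enumerate(bits[k:k + 8]))
        for k in range(0, len(bits), 8)
    )


def mse(a, b):
    """Mean squared error between two images of equal size."""
    return sum((x - y) ** 2 for x, y in zip(a, b)) / len(a)


def psnr(a, b):
    """Peak signal-to-noise ratio in dB for 8-bit pixels."""
    m = mse(a, b)
    return math.inf if m == 0 else 10 * math.log10(255 ** 2 / m)


if __name__ == "__main__":
    stego = embed(COVER, KEY_BLOB, SEED)
    print("recovered:", extract(stego, len(KEY_BLOB), SEED) == KEY_BLOB)
    print("MSE:", mse(COVER, stego), "PSNR (dB):", round(psnr(COVER, stego), 2))
```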

Narayanan, U. et al. introduce a global picture of how to solve the major security challenges of big data in the cloud [5]. They proposed a new system architecture called SADS-Cloud, which supports the big data environment. It entails three processes: (i) big data outsourcing, (ii) big data interchange, and (iii) big data analysis. When substantial amounts of data are outsourced, the data owner registers with the trusted centre using the SHA-3 hash algorithm. The MapReduce approach is used to partition the input file into fixed-size chunks. Each block is encrypted using the SALSA20 algorithm. When vast amounts of data are exchanged, data consumers take part in safe file recovery. This is accomplished by hashing the user's credentials and comparing them to the database. Big data management incorporates three fundamental procedures for managing big data: compression, clustering, and indexing, utilizing the Lempel-Ziv-Markov chain Algorithm (LZMA), density-based spatial clustering of applications with noise (DBSCAN), and fractal index trees. Files are indexed in the cloud database, where individual searches, inserts and deletes can be performed. This work proposes four entities: trust center (TC), data user (DU), cloud server (CS) and data owner (DO). It solves the two main issues of user privacy and data security in the cloud that underpins big data. In order to securely authenticate users (data owners and data users), they proposed the SHA-3 hash algorithm: messages containing user information are hashed and saved in TC and CS. The data owner sends the data to the cloud server in a secure manner. The data is compressed using the LZMA compression method to optimize cloud storage for big data. The data is then encrypted using SALSA20 with MapReduce to reduce encoding and decoding times. After the encryption is complete, the data is sent to CS. If a user requests data, the user must first be authenticated. The private key stream is used to retrieve and decrypt the required file. Two processes are considered for managing big data through the cloud: DBSCAN for clustering and fractal trees for indexing.
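The outsourcing and retrieval path described above (SHA-3 credential check, LZMA compression, fixed-size chunks, Salsa20 per chunk) is sketched below. This is an added example, not SADS-Cloud's own code: Salsa20/20 is written out in pure Python so the block runs without third-party packages, and the chunk size, per-chunk nonce rule, credential format and sample data are assumptions.

```python
import hashlib
import hmac
import lzma
import struct

MASK = 0xFFFFFFFF
_COLS = ((0, 4, 8, 12), (5, 9, 13, 1), (10, 14, 2, 6), (15, 3, 7, 11))
_ROWS = ((0, 1, 2, 3), (5, 6, 7, 4), (10, 11, 8, 9), (15, 12, 13, 14))


def _rotl(v, n):
    return ((v << n) & MASK) | (v >> (32 - n))


def _qr(x, a, b, c, d):
    # Salsa20 quarter-round on four words of the state
    x[b] ^= _rotl((x[a] + x[d]) & MASK, 7)
    x[c] ^= _rotl((x[b] + x[a]) & MASK, 9)
    x[d] ^= _rotl((x[c] + x[b]) & MASK, 13)
    x[a] ^= _rotl((x[d] + x[c]) & MASK, 18)


def salsa20_block(key, nonce, counter):
    """One 64-byte Salsa20/20 keystream block (32-byte key, 8-byte nonce)."""
    k, n = struct.unpack("<8I", key), struct.unpack("<2I", nonce)
    s = [0x61707865, k[0], k[1], k[2], k[3], 0x3320646E, n[0], n[1],
         counter & MASK, counter >> 32, 0x79622D32, k[4], k[5], k[6], k[7], 0x6B206574]
    x = s[:]
    for _ in range(10):  # 10 double rounds: column round, then row round
        for a, b, c, d in _COLS + _ROWS:
            _qr(x, a, b, c, d)
    return struct.pack("<16I", *[(p + q) & MASK for p, q in zip(x, s)])


def salsa20_xor(key, nonce, data):
    """Encrypt or decrypt by XOR with the keystream (confidentiality only, no integrity)."""
    out = bytearray()
    for off in range(0, len(data), 64):
        stream = salsa20_block(key, nonce, off // 64)
        out += bytes(p ^ q for p, q in zip(data[off:off + 64], stream))
    return bytes(out)


def credential_digest(user, secret):
    """SHA-3 digest of the user's credentials, as kept by TC and CS (format assumed)."""
    return hashlib.sha3_256(f"{user}:{secret}".encode()).digest()


def outsource(data, key, chunk=64 * 1024):
    """Data owner: LZMA-compress, split into fixed-size chunks, encrypt each chunk."""
    packed = lzma.compress(data)
    parts = [packed[i:i + chunk] for i in range(0, len(packed), chunk)]
    # Assumption: chunk index as nonce, which requires a fresh key for every file.
    return [salsa20_xor(key, struct.pack("<Q", i), p) for i, p in enumerate(parts)]


def retrieve(chunks, key, user, secret, registry):
    """Data user: authenticate by digest comparison, then decrypt and decompress."""
    stored = registry.get(user, b"")
    if not hmac.compare_digest(stored, credential_digest(user, secret)):
        raise PermissionError("authentication failed")
    packed = b"".join(salsa20_xor(key, struct.pack("<Q", i), c) for i, c in enumerate(chunks))
    return lzma.decompress(packed)


# Constructed sample data: credential registry, key and a 1 KiB file.
REGISTRY = {"alice": credential_digest("alice", "correct horse")}
KEY = hashlib.sha3_256(b"constructed demo key").digest()
SAMPLE = b"".join(hashlib.sha3_256(bytes([i])).digest() for i in range(32))

if __name__ == "__main__":
    stored = outsource(SAMPLE, KEY, chunk=256)
    print(len(stored), "encrypted chunks")
    print(retrieve(stored, KEY, "alice", "correct horse", REGISTRY) == SAMPLE)
```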

H. Zhu et al. introduced a data integrity verification system based on a short signature algorithm (ZSS signature) that allows confidentiality and public inspection [6]. By introducing a trusted third party whilst also reducing the burden of the hash function in the signing process, computational expenses are effectively reduced. It can withstand adaptive chosen-message attacks under the CDH hard-problem assumption. According to the evaluation, the scheme is more efficient and safe. The BLS signing mode must use a specific hash function, and the performance of batch signing is poor in the large data setting.

In the scheme of Y. Fan et al., cloud users are given a set of permissions; deduplication can only be performed if the cloud user has the appropriate permissions [7]. In addition, the solution strengthens fusion cryptography through user privileges and relies on the Trusted Execution Environment (TEE) to manage keys securely, enabling these cryptosystems to defend against plaintext and chosen-ciphertext attacks.

Sharma et al. proposed a security model to improve data privacy in the cloud. They used multiple encryption techniques, emphasizing the importance of data security and privacy protection [8]. They use a secure block cipher, AES and RSA, which provide higher security when storing data. The data go through a multi-layer encryption and decryption process, which effectively improves data security. To encrypt data, the RSA algorithm is used, which creates the first encryption level for the corresponding file. The AES technique is then utilised in the second part of the encryption process to encrypt the encrypted files from the first stage in order to create the ciphertext. The decryption method is the opposite of the encryption procedure. The presented model includes multi-level encryption that is difficult to crack, because unauthorized users need encryption keys and decryption keys to retrieve data, a complex undertaking that cannot be completed without an effective key.

The use of multi-level cryptography is projected to provide greater cloud data storage security than single-level cryptography.

Suyel Namasudra suggested a method for securing data in computer accounts using attribute-based encryption. This approach employs Attribute-based Encryption (ABE), a Distributed Hash Table (DHT) network, and Identity-based Time-Release Encryption (IDTRE) [9]. In this case, user attributes are utilised to encrypt data or resources first, and the encrypted material is separated into encapsulated ciphertext and extracted ciphertext. Then the decryption key is encrypted using the IDTRE technique, and the key's ciphertext is combined with the extracted ciphertext to generate a public ciphertext. Finally, the ciphertext is distributed throughout the DHT network, and the encapsulated ciphertext is kept on the cloud server.

M. Sohal et al. suggested an encryption approach that encrypts data before it is uploaded to the cloud by using data from the client side for encryption. It has a symmetric-structure multiplex encoding method based on DNA coding [10]. DNA coding has many computational flaws because it requires high-tech laboratories to actually implement the technology. It is impossible to automate the DNA process. DNA synthesis requires manual processing at each stage, which has become a drawback to its overall growth. As a result, pseudo-DNA coding approaches have gained popularity to address the flaws of DNA coding. Their mechanism of action is similar to that of DNA synthesis, but does not involve laboratory synthesis of DNA bases. The method proposed in [10] is a pseudo-DNA technique, which is based on the workings of DNA coding but does not use DNA coding. This method is a symmetric-key algorithm, especially for binary data. They mainly use a random dynamic cipher table, thus improving security.
TABLE III
ANALYSIS OF MODELS AND METHODS USED TO ENHANCE DATA SECURITY SUMMARIZED.

| S.No | Title | Author | Method | Advantages | Disadvantages |
|---|---|---|---|---|---|
| 1 | A cloud-edge based data security architecture for sharing and analyzing cyber threat information | David W Chadwick, Wenjun Fan, Gianpiero Constantino, Rogerio DeLemos, Francesco Di Cerbo, Ian Herwono, Paolo Mori, Ali Sajjad, Xiao-Si Wang, Mirko | Anonymization, pseudonymization and homomorphic encryption | High confidentiality for the sensitive user data | The same common data sharing agreement policy is wrapped in data |
| 2 | CryptoGA: a cryptosystem based on genetic algorithm for cloud data security | Muhammad Sardaraz, Zahid Mehmood, Shakoor Muhammad | Genetic Algorithm | Robustness and better performance | Memory requirement |
| 3 | | Fursan Thabit, Sharaf Alhomdy Abdulrazzaq H.A, Al-Ahdal, Sudhir Jagtap | Lightweight cryptographic algorithm | Flexibility in length of key size, fast execution time | Remote data integrity not considered |
| 4 | A Novel Approach for Data Security in Cloud Environment Using Image Segmentation and Image | R. Kiran Kumar, D. Suneetha | Image steganography and image segmentation | Better security, confidentiality | Uses a grayscale image in the spatial domain. |
| 5 | A Novel System Architecture for Secure Authentication and Data Sharing in Cloud Enabled Big Data Environment | Uma Narayanan, Varghese Paul, Shelbi Joseph | A novel system architecture. | Better performance, confidentiality | High computational time |
| 6 | A Secure and Efficient Data Integrity Verification Scheme for Cloud-IoT Based on Short Signature | Hongliang Zhu, Ying Yuan, Yuling Chen, Yaxing Zha, Wanying Xil, Bin Jia, Yang | Short signature algorithm | | The technique does not apply to data integrity verification in multiple |
| 7 | A secure privacy preserving deduplication scheme for cloud computing | Yongkai Fan, Xiaodong Lin, Wei Liang, Gang Tan | Trusted execution environment management | | Highly causes from security attacks |
| 8 | A Security Model for the Enhancement of Data Privacy in Cloud Computing | | Multiple encryption | The model ... data confidentiality | Data remanence and data lineage |
| 9 | An improved attribute-based encryption technique towards the data security in cloud computing | Suyel Namasudra | Attribute-based ... based time-release encryption are employed. | Better privacy prevention | Data or resources cannot be accessed before their chosen release period, and data self-destruct beyond their predefined expiration time. |
| 10 | BDNA-A DNA Inspired Symmetric Key Cryptographic Technique to Secure Cloud Computing | Manreet Sohal, Sandeep Sharma | Based on DNA cryptography, a modified symmetric-key cryptography system was developed. | | High computation cost |
Conclusion

There are many benefits to using cloud computing, such as cost efficiency, rapid deployment, and improved availability, but there are still many practical challenges to be resolved. Data privacy is one of them. Cloud computing is a new technology used by many consumers for public storage and data exchange, one of the most important concerns of which is security and privacy. This article presents a theoretical analysis of security concerns of several forms and of different issues affecting user data privacy, as well as ways to mitigate security threats that appear in cloud environments in real time. It also discusses ways to solve confidentiality problems. The detailed explanation of these methods summarizes and describes the advantages of the different methods used in the cloud computing environment. The survey discusses the many possible ways around these problems, and discusses various encryption techniques for dealing with security risks. This survey has focused on the different proposed models, schemes and architectures that researchers have used to enhance data security in cloud computing.